The Homeland Security Department quietly added another watch list to the airline passenger screening program. Ironically, the new Transportation Security Administration list is culled from names of frequent fliers kicked out of an expedited screening program.

Under the new TSA PreCheck system, known travelers who clear background checks get to leave on shoes, jackets and belts and not bother unloading laptops or liquids, as they board through a dedicated speed lane. But, as of November, previous PreCheck participants disqualified from the program due to certain violations are named in a new watch list that is part of the TSA screening system Secure Flight.

TSA “is creating and maintaining a watch list of individuals who are disqualified from eligibility from TSA Pre✓TM, for some period of time or permanently, because they have been involved in violations of security regulations of sufficient severity or frequency,” stated a Nov. 19 notice of the recordkeeping change.

The change went into effect without public input. Under the 1974 Privacy Act, TSA was not obligated to collect comments from citizens before the list was activated, agency officials said Friday.

TSA denying flyers the chance to comment in advance rankled some privacy advocates who have long complained about errors that cause delays in the various other Secure Flight watch lists. Through the Secure Flight program, TSA employees screen booking information about travelers against various intelligence databases, such as the No Fly list, before issuing boarding passes. Generally, passengers identified on a watch list are either barred from the plane or must undergo additional inspection.

Agency officials contend that the new Secure Flight “watch list” is a different kind of watch list. Individuals cited on the disqualification watch list simply are banned from the PreCheck speed lane “and would instead undergo standard screening,” TSA spokeswoman Lorie Dankers said.

PreCheck is intended to prevent delays for known travelers but “unbeknownst to them they could end up delaying the whole process because now they are on a watch list,” said Khaliah Barnes, administrative law counsel for the Electronic Privacy Information Center.

One concern about this new watch list is that it will generate false alarms when travelers share identical or similar names to individuals on the disqualification list. Civil liberties groups and other critics point to past mismatches, such as the 2004 revelation that airline agents tried to block then-Sen. Edward Kennedy, D-Mass., from boarding because his name resembled an alias used by a suspected terrorist on a watch list.

The TSA PreCheck Disqualification List consists of PreCheck participants who were temporarily or permanently barred for violations of certain aviation security rules such as packing a loaded firearm in carry-on luggage or carrying fake documents.

Under the new policy, the worry is that, for example, a PreCheck flyer sharing the same name as a suspected criminal might be added to the disqualification watch list. Or, TSA employees might identify matches based on comparisons between valid PreCheck traveler information and incorrect information in the disqualification database. The upshot, in both cases, is the passenger might need to undergo unnecessary screening and miss a flight.

On Friday, TSA officials said it would be very unlikely to find clerical errors in the disqualification watch list or draw false positives because each known traveler has a unique nine-digit ID number. For instance, a PreCheck participant named “Joseph Smith” who arrives at the airport would not be mistaken for a “Joe Smith” on the PreCheck disqualification list, since the two Mr. Smiths would be registered under different pass codes.

The airline industry declined to weigh in on the PreCheck disqualification watch list. “Given the sensitivity of security issues, we do not comment on procedures and practices,” said Victoria Day, spokeswoman for trade group Airlines for America.

The notice released Nov. 19 stated the known traveler disqualification watch list “updated system will be effective upon publication.” The record-keeping changes “are minor or administrative and are not subject to the comment requirement,” Dankers said.

Barnes said, “DHS has removed any meaningful opportunity for individuals to comment. If the system goes into effect on the day of publication, what’s the purpose of individuals submitting comments?”

FROM OUR SPONSORS

sponsored

JOIN THE DISCUSSION

By using this service you agree not to post material that is obscene, harassing, defamatory, or
otherwise objectionable. Although Nextgov does not monitor comments posted to this site (and has
no obligation to), it reserves the right to delete, edit, or move any material that it deems to
be in violation of this rule.

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

Data-Centric Security vs. Database-Level Security

Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.